http://www.darkreading.com/advanced-threats/cyberespionage-operators-work-in-groups/240156664
By Robert Lemos
Dark Reading
June 13, 2013

In a study of the life cycle of cyberespionage attacks, a group of
researchers at a Taiwanese security startup has found that the nation's
major government agencies encounter a dozen such attacks each day and that
the operators behind the attacks have virtual data centers that appear to
be processing enormous workloads.

The research, which will be presented at the Black Hat Briefings later
this summer, focuses on a part of the espionage life cycle that most
incident responders do not see: the attackers sifting through their data
caches and processing the stolen information in virtual "APT [advanced
persistent threat] operation centers," says Benson Wu, co-founder and lead
security researcher at Taiwan-based Xecure Lab and one of the presenters.

"[We] will show that there are lots of people in these APT operation
centers," Wu says. "We can't see [the] data that is being stolen, but
there are a lot of operators. The workloads are so high that there must be
tons of victims."

Wu -- along with researchers at Academia Sinica/Taiwan, a top research
university -- describes the life cycle of cyberespionage attacks in five
steps: the enemy creates their tools and infrastructure; they then get by
their victim's defenses; they search for and exfiltrate data using their
command-and-control servers; they use a back-end console to gain access to
the data; and they process the stolen information in an APT operations
center. Their research focuses on the last two steps, he says.

[...]